Getting a 'new' machine up to date

(imported topic written by kebulm91)

Hi All,

We’ve been getting into the swing of things and have been working with BigFix for almost a couple of months now. I was wondering if any of you would be willing to share how you handle a scenario in your environment?

How do you deal with new ‘unpatched’ machines? Right now our build process ties into WSUS and we automate the installation of all Microsoft patches during the build so when the machine is finished building it should not need any patches. If we were to go away from WSUS (which we’d like to do) - how would we go about doing the same thing using BigFix? Is there a way to trigger something from the client after the BES Client has been installed to apply all relevant fixlets or patches? I don’t like the idea of having a huge baseline that we keep on adding to that we set as a policy that would patch any new machines. I’ve already noticed that a baseline of over 100 fixlets sets off a red flag in the ‘Health Check’ report. How are all of you out there handling this?

I guess this could also apply to some machines that may be turned off for months at a time and come back online. How do you ensure that these machines have all the relevant patches when they come back online? Do you try to get everything to a certain patch level and then have some rolling offer or action that has several months of things bundled into a baseline?

The whole process of deploying a patch or baseline is so different from what we’ve been doing with WSUS… we’re struggling with how to change our processes to use BigFix and still maintain some of the functionality we have with WSUS. Right now as long as patches get approved in WSUS - local admins for a group of machines can log on to them and apply the patches on their own schedule without us having to do something. In BigFix we would have to create an offer for any new patches for that group of folks to be able to accept (although they would not have the ability to exclude a specific patch if they wanted to).

Sorry for the lengthy post - we’re just trying to figure out a strategy on how to move forward and if we can get rid of some of our old processes.

Thanks,

Ken